sftp non-interactive login
I realize this is a common issue. I have read a number of other entries but nothing works for me.
I wish to automate file uploads to ipage.com using sftp. Man pages on sftp say I must use non-interactive login and give a reference to ssh-keygen. I used ssh-keygen to make two files. I put one in ~/.ssh/authorized_keys on the server. When I run the following script:
sftp -i ~/.ssh/id_rsa -P 2222 USER@ftp.ipage.com
I am still asked for a password. I have tried several other things recommended at other forums to no avail. Perhaps ipage does not support passwordless login or ssh(1) or ssh(2). I don't know how to find out and customer service is not helpful. Any help would help. Thanks in advance.
|
Make sure your authorized keys file has the proper permissions. If the permissions are too lax SSH won't use it.
Code:
chmod 750 ~ |
Still no luck
Thank you for the response. I changed file permissions as specified on client and server. sftp still wants password. I also used ssh-add to add identity. I remade the id_rsa files without the -t rsa option. I never get any error messages; just a prompt for my password no matter what I try.
|
Try adding -v to your sftp call, it should print more info about why you're being prompted for a password.
|
Here is the output if you wouldn't mind giving your input. I am unable to interpret. I will substitute ?????? for data which seems to be of a sensitive nature.
OpenSSH_5.8p1 Debian-7ubuntu1, OpenSSL 1.0.0e 6 Sep 2011
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to ftp.ipage.com [66.96.147.100] port 2222.
debug1: Connection established.
debug1: identity file /home/jesse/.ssh/id_rsa type 1
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: identity file /home/jesse/.ssh/id_rsa-cert type -1
debug1: Remote protocol version 2.0, remote software version mod_sftp/0.9.8
debug1: no match: mod_sftp/0.9.8
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.8p1 Debian-7ubuntu1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA ?????????????????????????????????
debug1: Host '[ftp.ipage.com]:2222' is known and matches the RSA host key.
debug1: Found key in /home/jesse/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/jesse/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: Authentications that can continue: publickey,password
debug1: Offering RSA public key: /home/jesse/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: password
????????????@ftp.ipage.com's password:
Thank you in any case for all the help you have offered thus far. I might add that customer service at ipage swears up and down that they do not support ssh.
|
I just compared that to a working public key authentication on my own machine. The relevant part is below (differences versus your output in bold):
Code:
debug1: Next authentication method: publickey |
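An added example, not part of any post in this thread: a small Python classifier for `ssh -v` / `sftp -v` output that tells "the server never recognised the offered key" apart from the pattern in the log posted above, where `Server accepts key` (the server's positive reply to the key query) is followed by another `Authentications that can continue` line, meaning the request sent after it was not accepted. The function name and verdict strings are made up for this example; the matched messages are those in the posted log plus OpenSSH's `Authentication succeeded (publickey)` line.

```python
import re
# Events in OpenSSH -v output. finditer() rather than line splitting, so
# output pasted as one long line (as in this thread) parses the same way.
EVENT = re.compile(
    r"Authentications that can continue: (?P<methods>[\w,-]+)"
    r"|(?P<offer>Offering (?:\w+ )?public key)"
    r"|(?P<pk_ok>Server accepts key)"
    r"|Authentication succeeded \((?P<ok>[\w-]+)\)"
)

def classify_pubkey_auth(debug_text):
    """Return (verdict, keys_offered, positive_key_queries)."""
    offered = pk_ok = failed_after_ok = 0
    awaiting_result = False  # "Server accepts key" seen, final reply pending
    advertised = None        # first method list the server sent
    for m in EVENT.finditer(debug_text):
        if m.group("methods"):
            if advertised is None:
                advertised = m.group("methods").split(",")
            if awaiting_result:  # failure reply after a positive key query
                failed_after_ok += 1
                awaiting_result = False
        elif m.group("offer"):
            offered += 1
        elif m.group("pk_ok"):
            pk_ok += 1
            awaiting_result = True
        elif m.group("ok") == "publickey":
            return ("success", offered, pk_ok)
    if advertised is not None and "publickey" not in advertised:
        return ("publickey-not-advertised", offered, pk_ok)
    if offered == 0:
        return ("no-key-offered", offered, pk_ok)
    if pk_ok == 0:
        return ("key-not-recognised", offered, pk_ok)
    if failed_after_ok:
        return ("accepted-then-failed", offered, pk_ok)
    return ("inconclusive", offered, pk_ok)

# Authentication tail of the verbose output posted in this thread, on one line.
ATTEMPT = ("debug1: Offering RSA public key: /home/jesse/.ssh/id_rsa "
           "debug1: Server accepts key: pkalg ssh-rsa blen 279 "
           "debug1: Authentications that can continue: publickey,password ")
THREAD_TAIL = ("debug1: Authentications that can continue: publickey,password "
               "debug1: Next authentication method: publickey "
               + ATTEMPT * 2 + "debug1: Next authentication method: password")
if __name__ == "__main__":
    print(classify_pubkey_auth(THREAD_TAIL))
```

The client-side log cannot say why the server turned the request down after the positive query; that reason is only visible in the server's own logs.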
I have checked that write permissions are only for user on home/, .ssh/ and authorized_keys2 (I tried changing the name, which perhaps refers to protocol 2). Is there perhaps a way to ensure that the server has PubkeyAuthentication Yes and RSAAuthentication Yes?
|
Look into /etc/ssh/sshd_config; full docs here http://www.openssh.com/manual.html
|
Still no luck
I greatly appreciate your help suicidaleggroll and chrism01. I do not have sshd_config on my system. This file seems to be used by sshd, a server daemon which I do not have installed. I did find etc/ssh/ssh_config and I added the line:
PubkeyAuthentication yes
which changed the last five lines of my output to:
debug1: Offering RSA public key: /home/jesse/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: password
I also added the following to no effect (of course):
HostbasedAuthentication yes
IdentityFile ~/.ssh/id_rsa
EnableSSHKeysign yes
I would really like to implement this public key authentication. It seems like the appropriate way to protect a client's data when automating uploads to a webhost. Any further help, advice, or insight from anyone would be greatly appreciated. I will show my file permissions and my 2 bash scripts if that helps anyone:
sftp> pwd
Remote working directory: /.ssh
sftp> ls -al
drwx------ 2 USER www 3 Jul 3 12:10 .
drwxr-x--- 8 USER www 28 Jul 2 11:58 ..
-rw------- 1 USER www 404 Jul 2 16:24 authorized_keys
[jesse .ssh]$ ls -al
total 20
drwx------ 2 jesse jesse 4096 2012-07-02 13:23 .
drwx------ 34 jesse jesse 4096 2012-07-03 07:17 ..
-r-------- 1 jesse jesse 1679 2012-07-02 13:23 id_rsa
-rw------- 1 jesse jesse 404 2012-07-02 13:23 id_rsa.pub
-rw------- 1 jesse jesse 540 2012-06-29 16:16 known_hosts
sftp -2 -v -i /home/jesse/.ssh/id_rsa -P 2222 USER@ftp.ipage.com
ssh -2 -v -i /home/jesse/.ssh/id_rsa -p 2222 USER@ftp.ipage.com
|
If you own both servers you can start over and try following these basic steps:
Code:
[rx30@rx30 ~]$ cd .ssh
Code:
$ ls -laF /home/XXX/.ssh/
Code:
drwxr-xr-x 2 rx30 group 4096 Jul 3 16:18 .ssh
Code:
drwx------. 2 XXX XXX 4096 Jul 3 16:18 .ssh/
|
giving up
Thank you, lleb, for your contribution. I do not have control of the remote server. I tried your steps but couldn't get ssh-copy-id to connect. I am also unable to connect with ssh. I have been able to connect with ftp and sftp. At this point I am going to desist from further attempts. Perhaps it is a red herring. Perhaps I am in over my head. Thank you, everyone, for your time.
|